Why use SD-WAN?

SD-WAN solutions available in the marketplace have differing architectures. It is important to understand the architecture of each SD-WAN solution because the architecture significantly impacts the solution’s performance, security, and manageability. Architectural considerations may vary based on your business objectives and desire to maintain MPLS, create a hybrid WAN, provide direct-to-net connectivity, and integrate wired/wireless LAN into your network fabric. 

• Describe the architecture of your solution. In your description, identify where functionality such as orchestration, security, and WAN optimization are located.
• Which components of your solution are hardware-based, and which are software-based?
• Which components of your solution must be provided in the cloud and which components may be provided in the cloud or on site?
• How do you integrate with the underlay network infrastructure? Discuss in detail how your solution integrates with traditional WANs during the migration phase.
• Expand on your answer to the preceding question and describe more broadly how your SD-WAN solution integrates with a traditional WAN that is based on hardware-centric devices and MPLS.
• Describe how your solution supports remote users.
• Describe how your solution supports IoT devices.
• Does your solution integrate with the wired and wireless LAN network at edge locations? If so, please describe. 
• How does your architecture enable connectivity to public cloud offerings? Describe how the architecture ensures high performance, security, and manageability.
• Describe the ability of your solution to provide connectivity between disparate cloud IaaS platforms. 
• Which applications can your solution recognize? How and where is the application identification performed and how is that information used within your solution?
• Describe how your solution provides connectivity to the Internet, i.e. direct from sites or tunnels to central site. Include in your description any associated WAN optimization and security functionality. 
• Describe how your solution provides connectivity to SaaS-based applications. Include in your description any WAN optimization and security functionality as well as the ability of your solution to recognize applications and treat them differently based on that recognition. 

Even if the architecture of alternate SD-WAN solutions is similar, the technologies that vendors use to implement that architecture can vary. This variance can impact the complexity of the solution as well as the solution’s performance, security, and manageability.

• Which WAN services (e.g., MPLS, fiber, LTE, etc.) are you using? At what speeds?
• How do you handle ancillary services such as DNS, DHCP, and NAT?
• Do you need support for 4G /5G?
• Do you use load-balancing traffic over multiple WAN links? 
• Do you have routing protocols that need to be supported? Which ones?
• Which components of your solution do you provide yourself and which are provided by a 3rd party?
• In addition to the routing functionality, is there other functionality often associated with routers such as application recognition, QoS, and embedded firewalls that you would like to have support?

As organizations migrate from traditional networks to SD-WAN, it is important to consider how to integrate traditional and SD-WAN networks and if/when to eliminate traditional hardware-based branch office routers. 

• Do you need support for multiple data centers?
• Do you have any Layer 2 or 3 network considerations that we need to be aware of in your base network insertion model (Layer 3 or Layer 2)?
• Do you need a solution that would replace branch office routers? Do you need support for eBGP?
• Do you need support for hub-and-spoke and any-to-any/full-mesh communications? 
• Do you need support for a hub-and-spoke design with multiple hubs? 
• Are you looking for L7-aware service chaining between SD-WAN and WAN optimization functionality?
• What are your existing routers and routing protocols being used and do they need to remain the same or would a network redesign be needed?

To support enterprise deployments, SD-WAN solutions need to be highly scalable. They also need to be able to provide functionality to ensure that multiple WAN links can be effectively leveraged to provide high availability.

• Are there scalability requirements that we need to be aware of?
• How many sites and how many tunnels would be needed?
• Are you using a hub and spoke and full mesh architecture? 
• Do you need high availability at both data centers and branch offices? 
• Do you need mirrored uplinks?

In contrast to a traditional WAN, SD-WAN makes greater use of broadband services that do not include performance guarantees. It is therefore critical to understand how SD-WAN solutions address latency and ensure acceptable performance levels.

• Do you need prioritization of any traffic types? 
• Do you have applications that are sensitive to latency, packet loss, jitter) and how they are used?
• Are you using VoIP or UCaaS or video calling?
• Do you need any of the following WAN optimization functionality?
• Deduplication
• Compression
• Caching
• Video stream splitting
• Latency mitigation techniques including Layer 4 and Layer 7 application optimization
• Encrypted traffic support such as HTTPS

Driven by the adoption of direct Internet access (DIA) and the continuing expansion of mobility and the IoT, network organizations need to rethink their approach to security.

• Do you have any specific security considerations that we need to be aware of for the WAN links, cloud locations, LAN/Wi-Fi, mobile users, and IoT devices?
• Do you use Cloud Access Security Brokers (CASBs) and/or cloud security providers such as Zscaler?
• Do you need centralized management of security policies that apply to WAN, cloud, and W/LAN?
• Are you using firewalls? What type? Are you looking to replace functionality with a single appliance?
• Do you want to us the SDWAN appliance to block/filter Internet-bound traffic based on domain names?
• Do you use the application of user-level rules for outbound and inbound security?
• Do you need end-to-end user or application-based network segmentation?
• Do you need to encrypt traffic? 
• What are you using for authentication and authorization functionality that governs operator access user and device authentication?
• Do need access control and identity management? Do you have federated ID management systems such as Microsoft Azure?

To ensure SD-WAN performance is equal to or better than your existing WAN, end-to-end monitoring is critical. Monitoring should provide context into the underlay technologies to accelerate troubleshooting.

• What are you currently using to monitor WAN links? 
• Do you need integration with specific software?

SD-WAN provisioning is greatly simplified versus traditional WAN environments. Rather than relying on CLI, which is error-prone, highly manual, and time-consuming, SD-WAN solutions provide a GUI interface that typically is configured centrally and deployed with minimal on-site resources.

• Describe how you design and provision your solutions to work with traditional WAN environments. 
• Describe the process of deploying WAN to a new branch office.
• How do you do software updates?

 While the dynamic nature of SD-WANs adds considerable value, it also adds management complexity. SD-WAN solutions should centralize and simplify management, thereby improving IT productivity.

Rank the following categories from a priority standpoint as things that you would like in the solution

• Solution can be managed both on premise and from the cloud
• Manages the performance of Internet links. Include how you determine that Internet performance is degrading.
• Reporting functionality, and relevant dashboards.
• Centralize management across cloud, SD-WAN, and wired/wireless LAN environments. 
• Ability to centrally set global and local performance policies.
• Ability to centrally set global and local security policies.
• Policies be applied across WAN, wired and wireless LAN, and cloud-based resources.

• What support level is needed? 7x24x365?
• Desired hardware replacement SLAs are offered and in which regions globally?
• Training desired
• In which countries does this need to be available?
• Who answers the phone when you call?

Organizations whose desired IT end state is to have all or essentially all of their IT functionality provided by the cloud.

• Do you need to use Azure or AWS marketplace?
• Do you need connectivity to Direct Connect and Express Route as uplinks?
• Describe how you use Zscaler. Include in your description the ability of your solution to provide:
• Are you looking for functionality to classify applications based on the first packet and the ability of the solution to use this classification to determine how the application is routed to a SaaS provider; e.g., backhauled to a central site, DIA, or handed off to a cloud-based security provider (such as Zscaler)?
• Do your users connect to other IaaS providers? Which ones?
• Are there SaaS applications that we need to be aware of?

Organizations that want their end-to-end network from LAN to WAN to LAN to perform and be managed as a single unified network.

• Is the integration of Wi-Fi, LAN, and traditional WAN components required?
• Do you need to create policies that deliver centralized management and orchestration across Wi-Fi, SD-WAN, and public cloud resources? Do these policies need to support ISO Layer 7 enforcement?
• Relative to the policies described above, how are those policies developed and implemented? Include in your response an example of a policy. 
• Explain how you handle user and device authentication and which technologies are supported.
• How do you support LAN authentication? 
• Describe how your mobile users authenticate to the wireless LAN and access network resources. Do you need support for single sign on and 2-factor authentication for security purposes?
• Do you support IoT devices? 
• Do you offer secure guest services?
• Do you have guest policies such as blocking and/or throttle applications on the guest network to prevent misuse?
•  Does your guest solution support self-registration, non-IT guest management, and sponsor approval to gain guest network access? 
• Describe your integration with 3rd-party guest Wi-Fi services.